Public bug reported:

This behavior is observed on a setup where, under normal circumstances, everything runs very well, i.e. when both the sssd client and the AD provider are connected.

During an enforced absence (for redundancy testing) of the AD provider, the sssd client authenticates users very well with cached user credentials (as expected by the configuration). However, on return of the AD provider, the sssd client behaves erratically. Sometimes user authentications are refused outright, and other times it takes a long time to authenticate. Debug logs at level 7 show that, on a periodic basis (around 70+ seconds), the sssd client attempts to go online with the AD provider but fails consistently, dropping back to offline (logs attached). Notably, the service can only be restored by restarting the sssd service at the client.

It was suggested at the sssd project (https://fedorahosted.org/sssd/ticket/3248) to install adcli as a workaround; it does resolve the issue.

This looks like an issue for sssd under Ubuntu 16.04.01 LTS.

Client (sssd) is on an Ubuntu 16.04.1 server with Samba 4.3.11 and SSSd 1.13.4.

Description:    Ubuntu 16.04.1 LTS
Release:        16.04

krb5-user:
  Installed: 1.13.2+dfsg-5
  Candidate: 1.13.2+dfsg-5
ntp:
  Installed: 1:4.2.8p4+dfsg-3ubuntu5.3
  Candidate: 1:4.2.8p4+dfsg-3ubuntu5.3
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.1
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.1
sssd:
  Installed: 1.13.4-1ubuntu1.1
  Candidate: 1.13.4-1ubuntu1.1

** Affects: sssd (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: ad cached credentials offline online

** Attachment added: "Level 7 log of the SSSd, at the time of trying to go online."
   https://bugs.launchpad.net/bugs/1645291/+attachment/4784074/+files/sssd_L7_0.txt

-- 
https://bugs.launchpad.net/bugs/1645291

Title:
  SSSd consistently goes offline upon the AD provider's recovery